Traffic not blocked if service not running #1183
Comments
Hi @voidray, the main component of OpenSnitch is the daemon; the GUI is just a frontend to control the daemon. All the functionality is implemented in the daemon.
You can change the DefaultAction to 'deny', either from the GUI (Preferences->Nodes) or from the configuration:
If the GUI is running, you'll be prompted to allow/deny outbound connections. If it's not running, all outbound connections should be denied.
If the daemon is not running, outbound connections are not blocked; that is what my problem is.
OK, but why is it not running? Please post the log /var/log/opensnitchd.log and the output of
By the way, what distro and OpenSnitch version are you running?
Also, it'll be useful to launch it manually to see what's going on: first be sure that it's not running:
then launch it as root:
~ $ sudo su
~ # /usr/bin/opensnitchd -rules-path /etc/opensnitchd/rules/
To quote from the linked ticket "If the app crashes or even from a delay in launching at boot, all apps are allowed internet access until opensnitch is opened again, which could open up security issues."
Hmm, there could be an option to block all traffic if the daemon is not running, under this item (opensnitch/daemon/default-config.json, line 18 in 14747a0), either by adding a fw rule to block outbound connections, or a module. For now the service must be running to block outbound connections.
Not sure if this is a bug, but I want to block all connections if the service is not running.
I set "DefaultAction": "deny" in /etc/opensnitchd/default-config.json, but this is only applied if the service is running.
I would like to have anything blocked and then decide what to allow (whitelist). Ideally in the UI I can see what is necessary.
The same question was asked here #884, but the issue was closed.
Ideally the service wouldn't be needed and the UI would just define the rules. This is how, for example, SimpleWall works on Windows, where the Windows internal firewall is used. I don't know the internals of OpenSnitch and the firewall concept in Linux to be able to say if that is possible in Linux.